[HN Gopher] Cracking of encrypted messaging service dealt major ...
___________________________________________________________________
Cracking of encrypted messaging service dealt major blow to
organised crime
Author : melicerte
Score : 79 points
Date : 2021-03-09 14:02 UTC (8 hours ago)
(HTM) web link (www.brusselstimes.com)
(TXT) w3m dump (www.brusselstimes.com)
| kingsloi wrote:
| I had just read about Dutch meth. That's one thing I never
| thought I would hear about, Dutch meth. However, a Breaking Bad
| European spin off would be interesting.
| samatman wrote:
| Not quite Breaking Bad, because it comes at the story from the
| other direction, but there's a German show on Netflix called
| How To Sell Drugs Online (Fast), which is pretty entertaining
| so far.
|
| I expect if the series lasts long enough they'll work the
| storyline up to manufacture.
| kazen44 wrote:
| Undercover[1] is a dutch series depicting a pretty common
| scenario. The south of the country supplies a majority of the
| world in xtc. [2]
| [1]https://en.wikipedia.org/wiki/Undercover_(2019_TV_series)
|
| [2] https://i.redd.it/v31h0g7tnhc51.jpg
| csense wrote:
| Any technical info on how the app was compromised?
|
| If I worked for the government and I wanted to break into an app,
| I'd simply send a letter to the app store saying "Yeah you have
| to post this app update that contains code written by government
| hackers to leak the keys / messages of (investigation targets |
| everyone). If you don't, your executives / employees will (be
| sent to jail | be kidnapped by black ops forces, shot, and buried
| in an unmarked grave). Ditto if you tell anyone about this
| letter."
| iudqnolq wrote:
| I enjoyed this snark, but I wonder if they're actually legally
| entitled to it.
|
| > Sky ECC promised a 5 million USD (EUR4.2 million) prize on its
| website, which is currently down, to anyone who could crack its
| encryption.
|
| > It is not yet clear if Belgian authorities plan to claim the
| reward.
| LorenPechtel wrote:
| Most of the time it's not actually cracking the encryption that
| breaks these things.
| wmf wrote:
| Those companies never pay out anyway.
| iudqnolq wrote:
| Still, it would be a fun lawsuit
| cybert00th wrote:
| >But critics say more than 90% of its customers are criminals.
|
| They're a bit thin on the details of exactly who those critics
| are, which makes that statement inadmissible other than for us to
| draw the inference that the critics are law enforcement agencies
| - or worse still, governments.
|
| Don't get me wrong, I'm not condoning the misuse of encrypted
| messaging, only pointing out the convenient straw man that's been
| erected here to manipulate readers' emotions in order to short-
| circuit their ability to think critically about what's ACTUALLY
| been done by the authorities.
| tzs wrote:
| Subscriptions are EUR2100 per year. It looks like the features
| it has over cheaper or free alternatives are disabling camera,
| GPS, and microphone, deleting messages after 30 seconds, a
| "panic" password that if entered causes the device to be wiped,
| and the app is apparently somewhat hidden so it isn't
| immediately apparent to someone looking at your device that you
| have it.
|
| I'd not at all be surprised if they had a disproportionately
| large number of criminals among their users. There are plenty
| of non-criminal uses for which you need highly secure
| messaging, but much fewer for which you need 30 second
| deletion, a panic mode, and to hide the fact that you have a
| secure messaging app.
| [deleted]
| pentaphobe wrote:
| Completely agree on all points - it also kind of buries the
| lead with regard to the rather cliche false equivalency
|
| Up there with [cash is used for bad things, so we should ban
| cash](https://www.businessinsider.com.au/why-cash-should-be-
| illega...)
| buran77 wrote:
| It's the typical "think of the children" or "but the
| terrorists" approach. Everyone is treated like a criminal
| because some of them could be.
|
| Calling the users "criminals" makes it harder to defend them
| at first glance because the first reaction is "you're
| defending criminals". And attaching a number to this, even an
| impossible to support statistic, is meant to make the
| statement more believable, everyone likes nice, round
| numbers.
|
| Of course they hope nobody raises the not so obvious points.
| Even taking that statement at face value (which you
| definitely should not) what about the other 10% non-criminals
| whose privacy was violated without any reasonable cause?
| Where else are they using the excuse that 90% success rate is
| acceptable? If 90% is enough to paint everyone with the same
| brush, when 90% of users are not criminals why aren't the
| other 10% also treated as innocent too?
|
| In reality just about 100% of "critics" saying this are law
| enforcement agencies or governments who will violate your
| rights or break the law in a heartbeat if it means getting
| their way.
| bobbylarrybobby wrote:
| FYI https://www.merriam-webster.com/words-at-play/bury-the-
| lede-...
| sillysaurusx wrote:
| Is it misuse? Being able to say what you want (illegal or not)
| without the government knowing about it is arguably one of the
| most advertised features of encrypted messaging.
|
| (I agree with your assessment, of course. Just curious what
| your personal stance is.)
| LaundroMat wrote:
| As a Belgian citizen (but not a criminal, as far as I know) I'm
| very interested to hear the HN community's take on this. The
| local press is saying no encryption is safe for the police
| (anymore) and that it was Belgian law enforcement that was able
| to crack the encryption of the app the criminals were using.
|
| I wonder if the press knows what it's talking about.
| joemazerino wrote:
| When your client base is comprised of child traffickers,
| cocaine smugglers and murderers. A company that prides itself
| on hiding nefarious figures with little to no legitimate
| clients will surely find itself at the end of a LEO hack.
| sleepytimetea wrote:
| Love the disclaimer ("but not a criminal, as far as I know").
|
| Have you read those bizarre fake facts like "it is illegal to
| eat oranges in your bathtub in California" ? If you haven't, I
| am sure you have broken myriad weird laws like that and are, in
| fact, a criminal ! :-).
| ENOTTY wrote:
| A great source of these for the US federal jurisdiction is
| the CrimeADay Twitter account https://twitter.com/crimeaday
| swiley wrote:
| Lets see here:
|
| Not open source: check
|
| Not federated (so they can force you to update the client):
| check
|
| Integrates with carrier value add: check (SIM crap)
|
| Integrates with OS vendor value add: check
|
| Flashy website with third party requests to google.com: check
|
| Yeah this looks like crap to me.
| iorrus wrote:
| What is federation in this context?
|
| Does not federated mean not using a jailbroken phone?
|
| Or is it related to how the app is installed?
|
| Or the underlying infrastructure relying on a central server
| instead of distributed?
| dboreham wrote:
| Federated means everyone gets to pick which server they
| use, including one that's specific to just that one user.
| SV_BubbleTime wrote:
| To expand in case it isn't clear... if you have a
| federated client it has to work to a standard, a backdoor
| at the client could be added on one app but probably not
| all the options. If you were trying to hack a system like
| this and they don't use a federated client, the only
| option is the "official app" and authorities could have
| taken control of that, added a backdoor, and pushed it
| out as an update.
|
| This could still happen with any one or two or multiple
| federated apps, but the changes at a lot less likely this
| would go undetected.... then again... I have less faith
| in the "many eyes" theory of these things since
| HeartBleed was an OpenSSL flaw for years and that was
| open source no one ever noticed.
| swiley wrote:
| Open source is more of a minimum requirement not
| assurance of quality.
| tomc1985 wrote:
| Most likely Sky ECC had some kind of weakness or vulnerability
| that made it vulnerable to attack.
|
| Encryption is really hard, and one mistake can unravel all of
| your efforts. I doubt that a boutique shop like Sky ECC's
| owners had the resources to secure it as well as they claimed.
| iorrus wrote:
| Seems crazy to do things this way. Why not use signal or
| telegram secure chat, get lost in the crowd
| unnouinceput wrote:
| Because Signal definitely will comply with a judge if given
| good reasons, like "here is a criminal organization using
| your app, help us dismantle it" and Telegram is the same as
| Signal with the exception is Russian.
|
| Also encryption is as good as its weakest link, in this
| case are humans. Probably police flipped some criminals to
| be informers and now it's running a smoke&mirrors campaign
| in media in order to send rest of criminals to make more
| mistakes.
|
| As for the ideal way to do organized crime the main
| ingredient is to own judges + police and you're set for
| life. From time to time let some minor transport get
| intercepted by your corrupt policemen, have some small fish
| get fried by your judge and stir waters for a few days in
| media in their favor. Maybe this news is exactly that and
| while the newspapers are reporting few millions captured
| you haul the rest of billions without a hiccup.
| LockAndLol wrote:
| Signal doesn't store the keys on their servers, nor do
| they know who is talking to whom. You should read up
| their protocol.
| [deleted]
| joemazerino wrote:
| Neither of those options provide revenue.
| novok wrote:
| If you go to their store page, you'll see their side of the
| story. Basically they say that the hack clients were
| sideloaded / modified versions. Which if you think about it,
| might be the way the police cracked the network.
|
| "Sky ECC platform remains secure and our authorized devices
| have not been hacked.
|
| There have been recent news articles that claim Sky ECC has
| been hacked and is involved in criminal activity. This
| information is not accurate. We have looked into these claims
| and discovered that a small group of individuals illegally
| created and distributed an unauthorized version of Sky ECC
| which they modified and side-loaded onto unsecure devices.
| Security features that come standard with the Sky ECC phones
| were eliminated in these bogus devices. ..." [0]
|
| [0] https://store.skyecc.com/
| tomc1985 wrote:
| Yeah, but do you actually trust them to be honest?
|
| Pretty much _every_ company responds to this kind of stuff
| with "nothing to see here, move along"
| WJW wrote:
| From what I read in the Dutch news, they managed to crack about
| half the messages so far. That they haven't cracked them all
| indicates that it is not a vulnerability in the encryption
| itself. I suspect that the police managed to gain physical
| access to the servers and went from there. Opsec is really
| really hard.
|
| Fun, unrelated story: apparently some of the intelligence
| operations managed to get their hands on the laptop of a target
| while it was at some maintenance store to get the screen
| replaced. They managed to install a physical keylogger inside
| it with its own radio, but hooked up to the laptops power
| supply. This is the kind of shenanigans you have to be aware of
| and defend against when you run a service like Sky ECC. The
| slightest slip up and you are doomed.
| wiz21c wrote:
| It'd be nice a to have police officer talk about this :-)
|
| But is it me or police techniques such as gaining physical
| access to criminals, flipping them to informers, close
| surveillance, etc. continue to be very efficient even in the
| face of quite good technology ?
| doublextremevil wrote:
| why would anyone use this over something like signal?
| er4hn wrote:
| At a guess - flashier marketing sold to consumers who don't
| know better.
| vecinu wrote:
| Another likely scenario, people who do "underground" things
| prefer using not so popular tools to evade authorities but
| that may prove to have the opposite effect if they're not
| built robustly.
| wp381640 wrote:
| The devices do more than signal since they remove GPS,
| microphones, have a custom OS and provide anonymous burner SIMs
| on a subscription
|
| Most of these hacks are the equivalent of hacking signal and
| backdooring the software
|
| This shit is hard especially when LE is determined, but
| criminal syndicates aren't dumb and hire a lot of smart people
| novok wrote:
| Why would you work at a criminal syndicate where you could
| just work in big tech with these levels of skill? These
| syndicates would have to pay $1 million /yr minimum to
| justify the risk.
| shadowgovt wrote:
| Depends on the cirumstances. For example, if you have a
| criminal record, some of big tech is quite a bit less
| interested in talking to you. Criminal syndicates,
| obviously, don't consider a criminal record a deal-breaker.
| jdmoreira wrote:
| also you might have family and community ties to some of
| these people. They might groom you since you are an early
| teen.
|
| When I was 13 for sure being the hacker in a crime
| organization would have sounded somewhat appealing.
| novok wrote:
| good point
| antihero wrote:
| I imagine they have way better office parties.
| AJ007 wrote:
| A requirement to be involved in narcotics distribution is
| inability to think things through very carefully.
| boringg wrote:
| Or a lack of other viable options. I would agree with
| your comment on the whole though. Typically doesn't end
| well.
| dgellow wrote:
| How do they hire talents? You can make lot of money legally
| if you're a smart person in tech, I guess they have to offer
| either ridiculously high salaries, or something else?
| antihero wrote:
| So this puts an absolutely huge amount of trust in one place
| (the Sky ECC) company. A single point of failure that can
| control and have access to everything if it goes rogue.
| Surely just having some internally maintained ROMs with
| Signal/Telegram/Riot/OTR and your own process for procuring
| and cycling burners would be better if you have the money and
| resources?
| topynate wrote:
| > since they remove GPS, microphones, have a custom OS and
| provide anonymous burner SIMs on a subscription
|
| That is, do a bunch of crap that will immediately make you
| stand out to any modern (by which I mean, total) surveillance
| agency. The syndicates' problem isn't stupidity but
| _immodesty_ - typical of organized crime. They thought they
| were, not smart, but the smartest, and that made it easy for
| other criminals to sell them garbage security products.
| wp381640 wrote:
| From a network perspective it's indistinguishable from a 4G
| hotspot
|
| The devices are also heavily rotated, they can also have
| IMEI numbers updated
|
| To date with all of the public breach details it's always
| been humint that lead to the networks being taken down
| gruez wrote:
| > From a network perspective it's indistinguishable from
| a 4G hotspot
|
| Not exactly, because that would depend on how competent
| the network is. For a "dumb" network yes, they won't know
| whether it's a 4g hotspot or not, but it's conceivable
| that an all-knowing adversary (eg. NSA) can infer the
| make/model of the phone based on fingerprinting or even
| the IMEI.
| jacquesm wrote:
| After Encrochat you'd think they would wise up, this is pretty
| much a re-run.
| ricardobayes wrote:
| Change my mind on this, but in countries with freedom of speech,
| the only reason to have this much 'privacy' is if you're doing
| something shady. Again, looking for a conversation here. edit: By
| 'this much' I mean going extreme lengths to secure privacy, the
| online equivalent of using a numbered swiss bank account. Nice
| discussion so far, thoroughly enjoying it. I don't mind the
| dislikes, if that makes your day better, dislike away.
| meepmorp wrote:
| You can want to keep something secret without doing something
| shady.
|
| How you want your doctor to tell you that you've got gonorrhea:
| in a private conversation in their office, or through shouting
| it at you in the waiting room?
| ricardobayes wrote:
| Some great ideas thanks. But I feel most of the examples
| given are not adequate. By 'this much privacy' I meant going
| out of way to use 'untraceable' software. I don't think a
| doctor's office is relative to this, more like a numbered
| swiss bank account.
| meepmorp wrote:
| Ok, think of someone in a situation where the cost of being
| discovered is too great, even if unlikely.
|
| Whistleblowers, human rights activists, people in abusive
| or dangerous living situations they can't immediately
| escape, sexual assault victims seeking support in private,
| a well known person who has personal issue they want to
| keep to themselves.
|
| If you stand to lose a lot by being identified, then you're
| a use case.
| chickenpotpie wrote:
| Example: someone has an abusive spouse that they're trying to
| get away from a needs a way to communicate for help without
| them being able to find out
| ricardobayes wrote:
| Interesting - around here they have a code word that can be
| said to the pharmacist and they will know what to do (call
| the cops).
| yakz wrote:
| The key word in what you wrote is "shady" because that word is
| going to be open to interpretation by the enforcers who are
| almost certainly corrupt to some extent. So, it's better to
| just limit the power of the enforcers as much as possible (in
| other words, the maximum limit that you can convince your
| society to allow).
| frongpik wrote:
| Can you look up emails or listen to phone calls of a high
| ranked politicians or the rich elite? You can't because they
| think it's none of your business and have power to do their
| business in secrecy. There's a lot of shady people doing some
| large scale crime.
| PeterWhittaker wrote:
| This inevitably came up back when I taught privacy and security
| classes. I always asked everyone with kids to raise their hands
| (most hands went up).
|
| Then I would ask "don't raise your hands, but when dealing with
| your kids, have any of you ever acted in a way wasn't captured
| on camera?"
|
| I don't mean beating or physical abuse or anything that
| horrible, and everyone knew it. Combine young tired kids with a
| cranky, tired adult, and it's almost guaranteed that the adult
| will have had at least one rage meltdown.
|
| They probably only yelled and ranted. But they probably looked
| like a monster doing it.
|
| How quickly would such an image or film go viral? And how
| condemned would the person be?
|
| We are all foibly humans, we all have moments that we regret or
| that fill us with shame. And we're all glad they weren't
| recorded for posterity.
|
| Privacy isn't about protecting your best face, your public
| face. It's about protecting all of your faces, all of your
| moods, your knowledge, your relationships, etc.
|
| We have free speech, but do we have freedom from
| judgementalism? Until we do, we all need privacy.
| ricardobayes wrote:
| Thanks for the example there. I should have clarified better
| I meant more like the online equivalent of numbered swiss
| bank accounts, not a simple visit to the doctor's office or
| yelling at kids. I think one of the key discussions of this
| decade will be how much is too much privacy - and how little
| is too little privacy. We will see products and services
| triumph and fall based on this discussion.
| abstractbarista wrote:
| Do you have blinds on your windows?
| ricardobayes wrote:
| Interesting point. In the Netherlands, many houses don't have
| curtains, you can see directly into the living room from the
| street. It stems from the old tradition of wives being
| accountable when their husbands were at sea. I learned from
| your comment (perceived) privacy is also cultural.
| ganzuul wrote:
| Privacy is skewed to the disadvantage of women in the
| Netherlands? Am I reading you correctly?
| black6 wrote:
| Not sure of the provenance of the quote, but I heard it from
| Steve Gibson: "I don't have anything to hide when I'm using the
| toilet, but I still like my privacy when doing so."
| unnouinceput wrote:
| Exactly this, +1. I definitely have nothing to hide but I
| really don't want my photos of my kids to end up in some dark
| web location used by pedophiles, just because google is an
| idiot and let it slip while backed my photos without my
| consent in their cloud (true story, I had to fight 3 months
| to have that backup deleted from their server).
| ganzuul wrote:
| It's about trust. If someone is trying to find out what I'm
| doing, I'm going to hide what I am doing because they are
| acting suspicious. The more asymmetric the power balance, the
| less trust can exist.
|
| A less biological, more modern concern, is that a potentially
| super-intelligent actor (e.g. an ML team dedicated to finding
| human weakness and exploiting it, like marketing depts do)
| could find out things about me that even I didn't know and use
| it against me.
|
| In the modern world complete paranoia and distrust in is the
| only strategy with guaranteed sucess which respects our drive
| to survive. Mass-manipulation of elections is a symptom of the
| disease.
| djrogers wrote:
| One aspect to this is that cultural norms, and those in power,
| change over time. There are tons of people who said or believed
| things 10 years ago that would get them fired today. And that's
| in countries with freedom of speech.
|
| I'd be shocked if most people would be ok with public
| disclosure of every inconsiderate, off-color, or poorly worded
| joke you've ever made in _private_. That's leaving aside things
| like intimate conversations with a spouse /SO, etc.
|
| That said, I wouldn't be using a service like this to get
| there, but I do value the ability to use a privacy-focused
| messaging app in my day-to-day life.
| usernamebias wrote:
| If you visit the app's website, you get this big popup.
|
| -------------
|
| Sky ECC platform remains secure and our authorized devices have
| not been hacked.
|
| There have been recent news articles that claim Sky ECC has been
| hacked and is involved in criminal activity. This information is
| not accurate. We have looked into these claims and discovered
| that a small group of individuals illegally created and
| distributed an unauthorized version of Sky ECC which they
| modified and side-loaded onto unsecure devices. Security features
| that come standard with the Sky ECC phones were eliminated in
| these bogus devices.
|
| Sky ECC considers these actions as malicious and we are taking
| legal action against these individuals for defamation and fraud.
|
| We have also blocked these users from our system and enhanced
| security to prevent reoccurrence of this issue. The
| implementation of these enhancements temporarily interrupted our
| Sky ECC service which has now been re-established.
|
| We continue to stand by our position and our product. We strongly
| support that people have the fundamental right to privacy. With
| the extensive and broadly documented rise worldwide of corporate
| espionage, cybercrime and malicious data breaches, systems like
| SKY ECC are the foundation of the effective functioning for many
| industries including legal professionals, public health providers
| and vaccine supply chains, celebrities, manufacturers and many
| more.
|
| We believe that the individual right to privacy is paramount for
| those who are acting within the law and we do not condone the use
| of our product for criminal activity. We also have our Terms of
| Service that every user must adhere to and, provided that they
| do, our company will work feverishly to protect their rights with
| the world's most secure platform.
|
| ------------
|
| Thoughts?
| boringg wrote:
| 17 tonnes of cocaine - thats a crazy amount.
| neves wrote:
| The belief in encrypted message apps is a gold mine. In Brazil,
| the former president Lula has been convicted to jail. A hacker
| broke Telegram and got the messages that demonstrated a
| conspiracy between the judge and the prosecution:
| https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash...
|
| The conviction prevented him to run for office (he was the
| favorite in the polls). Yesterday the ex-president got his
| political rights back and will probably be candidate in 2022 to
| try to defeat Bolsonaro.
|
| Everything due to the hacker (And the journalist Glenn Greenwald
| of Snowden fame)
| matthewdgreen wrote:
| >The belief in encrypted message apps is a gold mine.
|
| I think you mean "the belief that non-E2E encrypted messaging
| apps are actually E2E-encrypted messaging apps" is a goldmine.
| Ditto TFA.
|
| Real E2E systems aren't invulnerable: there are certainly hacks
| that target endpoint devices. But it's astonishing to me how
| many people end up using centralized, non-E2E apps when secure
| ones are available.
| filleokus wrote:
| Maybe I'm overconfident in the security of an up-to-date iOS
| device with a complex passcode, but I would have just used Signal
| if I was tasked with running the IT ops of some crime syndicate.
|
| Turn of all cloudy functions, hell maybe use some kind of
| enterprise MDM to enforce polices on your subordinates.
| dgellow wrote:
| Signal is bound to a phone number, no? I think I would go with
| OTR via XMPP, or whatever is a modern protocol. Or maybe Matrix
| is now a good alternative?
|
| I didn't use OTR since a long time now, so not sure if that's
| still a good choice, but it's quite versatile and easy to
| setup.
|
| Edit: OTR doesn't seem to be recommended anymore, OMEMO seems
| to be the modern alternative
| https://en.wikipedia.org/wiki/OMEMO
| Groxx wrote:
| It is, but it's not re-validated once used. You can get a
| burner phone, sign up, ditch the phone.
| swiley wrote:
| I'm not going through the hassle of _buying a new phone_
| just to create another centralized chat account. I have
| email (with GPG if you don 't mind that,) a jabber account
| with OMEMO enabled clients, and SMS. Two people have
| bothered to ask if I want to use signal and everyone just
| uses SMS.
| [deleted]
| thepangolino wrote:
| Isn't OTR protocol Indeoendent? I remember using it even
| through Facebook via Pidgin.
|
| OMEMO seems tied to XMPP.
| upofadown wrote:
| >Sky ECC promised a 5 million USD (EUR4.2 million) prize on its
| website, which is currently down, to anyone who could crack its
| encryption. > >It is not yet clear if Belgian authorities plan to
| claim the reward.
|
| For the EncroChat takedown they didn't crack the encryption. They
| instead flipped an employee who cooperated in the installation of
| a remote access Trojan on all the phones. Are they actually
| claiming they did something different here?
| joemazerino wrote:
| Source for the trojan/employee flipping claim?
| [deleted]
| fitblipper wrote:
| >It defended its services, stating they "strongly believe that
| privacy is a fundamental human right."
|
| > But critics say more than 90% of its customers are criminals.
|
| How do the critics know? This appears to be an attack on privacy.
| The implied idea is that personal communication for all should be
| published at least to law enforcement so law enforcement can do a
| better job of finding the baddies.
| PoignardAzur wrote:
| Given that the app has features like "delete messages after 30
| seconds" and "enter a panic password to delete all your data",
| a 90% drug-dealer/political-activist ratio doesn't seem far-
| fetched to me.
|
| If you build an anti-witch-hunt app, most of your clients will
| be witches.
| zionic wrote:
| How do you know even 1% of their users use that function? If
| Facebook adds that feature tomorrow do billions suddenly
| become criminals?
|
| You assume just because the feature exists the clientele are
| using it.
| headmelted wrote:
| I'm a little surprised they would choose to advertise the fact
| that they've been able to gain access to this traffic.
|
| Surely disclosing that will just have driven the same users to
| other apps and they'll have to start from scratch (and presumably
| get lucky again in the future)?
| goatsi wrote:
| They have to disclose the source of information to be able to
| use it in criminal cases.
|
| >Surely disclosing that will just have driven the same users to
| other apps and they'll have to start from scratch
|
| From the sounds of it this app had already been cracked when
| the Eurochat bust was announced, allowing them to scoop up all
| the users who tried to just move to the next alternative. I
| imagine trust in the "secure communications for criminals"
| ecosystem will be low for a while.
|
| Police did a similar thing with darknet markets, they secretly
| took control of the second largest (Hansa) and then publicly
| announced the bust of the largest (Alphabay). They ran it for a
| month, collecting all the information (and money) they could
| (even pulling tricks like deleting all the images so drug
| vendors might accidentally reupload ones with EXIF data) before
| shutting it down. All the better to erode trust in the entire
| ecosystem.
___________________________________________________________________
(page generated 2021-03-09 23:01 UTC)